package org.wso2.carbon.identity.application.authentication.framework.services;

import java.util.List;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.authentication.framework.AuthenticatorFlowStatus;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException;
import org.wso2.carbon.identity.application.authentication.framework.exception.PostAuthenticationFailedException;
import org.wso2.carbon.identity.application.authentication.framework.handler.request.PostAuthenticationHandler;
import org.wso2.carbon.identity.application.authentication.framework.handler.request.PostAuthnHandlerFlowStatus;
import org.wso2.carbon.identity.application.authentication.framework.internal.FrameworkServiceDataHolder;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.authentication.framework.util.LoginContextManagementUtil;
import org.wso2.carbon.registry.core.utils.UUIDGenerator;

/* loaded from: input_file:org/wso2/carbon/identity/application/authentication/framework/services/PostAuthenticationMgtService.class */
public class PostAuthenticationMgtService {
    private static final Log log = LogFactory.getLog(PostAuthenticationMgtService.class);

    public void handlePostAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws FrameworkException {
        logDebug("Executing Post Authentication Management Service for context " + authenticationContext.getContextIdentifier());
        List<PostAuthenticationHandler> postAuthenticationHandlers = FrameworkServiceDataHolder.getInstance().getPostAuthenticationHandlers();
        int currentPostAuthHandlerIndex = authenticationContext.getCurrentPostAuthHandlerIndex();
        logDebug("Starting from current post handler index " + currentPostAuthHandlerIndex + " for context : " + authenticationContext.getContextIdentifier());
        if (!isPostAuthenticationInProgress(authenticationContext, postAuthenticationHandlers, currentPostAuthHandlerIndex)) {
            endPostAuthenticationHandlerFlow(authenticationContext, httpServletRequest, httpServletResponse);
            return;
        }
        validatePASTRCookie(authenticationContext, httpServletRequest);
        setPASTRCookie(authenticationContext, httpServletRequest, httpServletResponse);
        while (currentPostAuthHandlerIndex < postAuthenticationHandlers.size()) {
            if (executePostAuthnHandler(httpServletRequest, httpServletResponse, authenticationContext, postAuthenticationHandlers.get(currentPostAuthHandlerIndex))) {
                httpServletRequest.setAttribute(FrameworkConstants.RequestParams.FLOW_STATUS, AuthenticatorFlowStatus.INCOMPLETE);
                return;
            }
            currentPostAuthHandlerIndex++;
        }
        endPostAuthenticationHandlerFlow(authenticationContext, httpServletRequest, httpServletResponse);
    }

    private boolean executePostAuthnHandler(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext, PostAuthenticationHandler postAuthenticationHandler) throws PostAuthenticationFailedException {
        if (!postAuthenticationHandler.isEnabled()) {
            logDebug("Post authentication handler " + postAuthenticationHandler.getName() + " is disabled. Hence returning without executing for context : " + authenticationContext.getContextIdentifier());
            return false;
        }
        logDebug(postAuthenticationHandler.getName() + " is enabled. Hence executing for context : " + authenticationContext.getContextIdentifier());
        PostAuthnHandlerFlowStatus handle = postAuthenticationHandler.handle(httpServletRequest, httpServletResponse, authenticationContext);
        logDebug("Post authentication handler " + postAuthenticationHandler.getName() + " returned with status : " + handle + " for context identifier : " + authenticationContext.getContextIdentifier());
        if (!isExecutionFinished(handle)) {
            logDebug("Post authentication handler " + postAuthenticationHandler.getName() + " is not completed yet. Hence returning for context : " + authenticationContext.getContextIdentifier());
            return true;
        }
        logDebug("Post authentication handler " + postAuthenticationHandler.getName() + " completed execution for session context : " + authenticationContext.getContextIdentifier());
        authenticationContext.setExecutedPostAuthHandler(postAuthenticationHandler.getName());
        return false;
    }

    private boolean isExecutionFinished(PostAuthnHandlerFlowStatus postAuthnHandlerFlowStatus) {
        return PostAuthnHandlerFlowStatus.SUCCESS_COMPLETED.equals(postAuthnHandlerFlowStatus) || PostAuthnHandlerFlowStatus.UNSUCCESS_COMPLETED.equals(postAuthnHandlerFlowStatus);
    }

    private boolean isPostAuthenticationInProgress(AuthenticationContext authenticationContext, List<PostAuthenticationHandler> list, int i) {
        return !LoginContextManagementUtil.isPostAuthenticationExtensionCompleted(authenticationContext) && list.size() > i;
    }

    private void markPostAuthenticationCompleted(AuthenticationContext authenticationContext) {
        logDebug("Post authentication evaluation has completed for the flow with session data key : " + authenticationContext.getContextIdentifier());
        LoginContextManagementUtil.markPostAuthenticationCompleted(authenticationContext);
    }

    private void setPASTRCookie(AuthenticationContext authenticationContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (authenticationContext.getParameter(FrameworkConstants.PASTR_COOKIE) != null) {
            logDebug("PASTR cookie is already set to context : " + authenticationContext.getContextIdentifier());
            return;
        }
        logDebug("PASTR cookie is not set to context : " + authenticationContext.getContextIdentifier() + ". Hence setting the cookie");
        String generateUUID = UUIDGenerator.generateUUID();
        FrameworkUtils.setCookie(httpServletRequest, httpServletResponse, FrameworkUtils.getPASTRCookieName(authenticationContext.getSessionIdentifier()), generateUUID, -1);
        authenticationContext.addParameter(FrameworkConstants.PASTR_COOKIE, generateUUID);
    }

    private void validatePASTRCookie(AuthenticationContext authenticationContext, HttpServletRequest httpServletRequest) throws PostAuthenticationFailedException {
        Object parameter = authenticationContext.getParameter(FrameworkConstants.PASTR_COOKIE);
        if (parameter == null) {
            logDebug("No stored pastr cookie found in authentication context for : " + authenticationContext.getContextIdentifier() + " . Hence returning without validating");
            return;
        }
        String str = (String) parameter;
        Cookie cookie = FrameworkUtils.getCookie(httpServletRequest, FrameworkUtils.getPASTRCookieName(authenticationContext.getSessionIdentifier()));
        if (cookie == null || !StringUtils.equals(str, cookie.getValue())) {
            throw new PostAuthenticationFailedException("Invalid Request: Your authentication flow is ended or invalid. Please initiate again.", "Post authentication sequence tracking cookie not found in request with context id : " + authenticationContext.getContextIdentifier());
        }
        logDebug("pastr cookie validated successfully for sequence : " + authenticationContext.getContextIdentifier());
    }

    private void removePASTRCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) {
        Object parameter = authenticationContext.getParameter(FrameworkConstants.PASTR_COOKIE);
        if (parameter == null) {
            logDebug("PASTR cookie is not set to context : " + authenticationContext.getContextIdentifier());
        } else {
            logDebug("Removing post authentication sequnce tracker cookie for context : " + authenticationContext.getContextIdentifier());
            FrameworkUtils.setCookie(httpServletRequest, httpServletResponse, FrameworkUtils.getPASTRCookieName(authenticationContext.getSessionIdentifier()), parameter.toString(), 0);
        }
    }

    private void endPostAuthenticationHandlerFlow(AuthenticationContext authenticationContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        markPostAuthenticationCompleted(authenticationContext);
        removePASTRCookie(httpServletRequest, httpServletResponse, authenticationContext);
    }

    private void logDebug(String str) {
        if (log.isDebugEnabled()) {
            log.debug(str);
        }
    }
}
